mirror of
https://git.postgresql.org/git/postgresql.git
synced 2024-12-21 08:29:39 +08:00
Update release notes for 9.2.4, 9.1.9, 9.0.13, 8.4.17.
Security: CVE-2013-1899, CVE-2013-1901
parent 17fe2793ea
commit 89b661bab9
@ -41,6 +41,20 @@
<itemizedlist>
<listitem>
<para>
Fix insecure parsing of server command-line switches (Mitsumasa
Kondo, Kyotaro Horiguchi)
</para>
<para>
A connection request containing a database name that begins with
<quote><literal>-</></quote> could be crafted to damage or destroy
files within the server's data directory, even if the request is
eventually rejected. (CVE-2013-1899)
</para>
</listitem>
<listitem>
<para>
Reset OpenSSL randomness state in each postmaster child process
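Review bot: the new first entry never connects its heading, "Fix insecure parsing of server command-line switches", to its paragraph about a database name beginning with "-" in a connection request, so a reader cannot tell why a database name reaches switch parsing at all. A short clause making that link would fix it. Because the paragraph says the damage can happen "even if the request is eventually rejected", the entry should also state plainly whether the sender needs valid credentials, since that decides how urgently operators must restrict who can reach the server port before they upgrade.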
@ -41,6 +41,20 @@
<itemizedlist>
<listitem>
<para>
Fix insecure parsing of server command-line switches (Mitsumasa
Kondo, Kyotaro Horiguchi)
</para>
<para>
A connection request containing a database name that begins with
<quote><literal>-</></quote> could be crafted to damage or destroy
files within the server's data directory, even if the request is
eventually rejected. (CVE-2013-1899)
</para>
</listitem>
<listitem>
<para>
Reset OpenSSL randomness state in each postmaster child process
@ -56,6 +70,20 @@
</para>
</listitem>
<listitem>
<para>
Make REPLICATION privilege checks test current user not authenticated
user (Noah Misch)
</para>
<para>
An unprivileged database user could exploit this mistake to call
<function>pg_start_backup()</> or <function>pg_stop_backup()</>,
thus possibly interfering with creation of routine backups.
(CVE-2013-1901)
</para>
</listitem>
<listitem>
<para>
Fix GiST indexes to not use <quote>fuzzy</> geometric comparisons when
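Review bot: the new heading "Make REPLICATION privilege checks test current user not authenticated user" is hard to parse as written; "test the current user rather than the authenticated user" reads unambiguously. The paragraph also never says when the current user and the authenticated user differ, so a reader cannot judge their own exposure from "An unprivileged database user could exploit this mistake". Naming the situation in which the two diverge would make the <function>pg_start_backup()</> and <function>pg_stop_backup()</> risk concrete for operators reviewing role grants.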
@ -41,6 +41,20 @@
<itemizedlist>
<listitem>
<para>
Fix insecure parsing of server command-line switches (Mitsumasa
Kondo, Kyotaro Horiguchi)
</para>
<para>
A connection request containing a database name that begins with
<quote><literal>-</></quote> could be crafted to damage or destroy
files within the server's data directory, even if the request is
eventually rejected. (CVE-2013-1899)
</para>
</listitem>
<listitem>
<para>
Reset OpenSSL randomness state in each postmaster child process
@ -56,6 +70,20 @@
</para>
</listitem>
<listitem>
<para>
Make REPLICATION privilege checks test current user not authenticated
user (Noah Misch)
</para>
<para>
An unprivileged database user could exploit this mistake to call
<function>pg_start_backup()</> or <function>pg_stop_backup()</>,
thus possibly interfering with creation of routine backups.
(CVE-2013-1901)
</para>
</listitem>
<listitem>
<para>
Fix GiST indexes to not use <quote>fuzzy</> geometric comparisons when